Known Behavior and Issues

Known Behavior

  • Unified policies are supported. Legacy application security policies are not supported.

  • Global address book is supported. Zone address book is not supported.

  • When you import a policy that contains rules with unsupported configuration, Juniper Security Director Cloud shows information about those rules under Summary in the import wizard. After the import, rules with unsupported configuration are grayed out and shown with a disabled icon, to differentiate system-disabled rules from rules disabled by a user. The rule description also shows the reason the rule was disabled.

    You cannot delete, edit, or perform any rule actions on these unsupported rules.

  • Juniper Security Director Cloud overwrites configuration made directly from the device CLI or from any interface other than the portal.

    To avoid conflicts, you can import the configurations and re-assign the devices from existing policies.

Known Issues

  • Image installation fails for an image that is stored in an Amazon Web Services (AWS) setup when the device links have low bandwidth.

    Workaround:

    • You can add the images from the SRX>Device Management>Software Images page, and deploy the images for the device.

    • Try a manual CLI command execution on the device.

  • Security policy import and deployment might fail if an SRX device contains hidden commands because of incompatibility with an old version, for example, in the content security configuration and the security policy.

    Workaround:

    Delete any hidden or undocumented commands from SRX devices, import the policy configuration again to Juniper Security Director Cloud, and then deploy the security policy.

  • During a policy version rollback, if you resolve any conflicts for a content security profile, the conflicts are shown again even if there are no further conflicts. Ignore the conflicts and proceed with the rollback operation. [See Rollback a Policy Version].

  • After unassigning a device from a security policy or a NAT policy and deploying that policy, the policy configuration is deleted from the unassigned device. However, the deploy job doesn't show the information about the unassigned device.

  • After deleting and deploying a VPN, the preview shows additional commands related to previous VPN combinations. This issue is observed only for EBGP or RIP routing protocols with multi-vpn.

  • With the SMB protocol option in the predefined AAMW profile, the commit fails on devices running a version earlier than Junos OS Release 21.1.

    Workaround:

    Clone the default AAMW profile and disable the SMB protocol. Use the cloned profile in the Security Policy or global options.

  • While upgrading a device (through a software image) to Junos OS 21.1 and above, the error "ISSU is not supported for Clock Synchronization (SyncE)" is shown.

    Workaround:

    Upgrade the cluster from CLI with the workaround provided in https://prsearch.juniper.net/problemreport/PR1632810.

  • When importing a security policy, a dynamic-address type is shown with two different names: address and Dynamic-address.

  • After the security log configuration is pushed to the device, the session on port 6514 is not established immediately. The security and session logs take more than 10 minutes to appear in the Juniper Security Director Cloud UI. This behavior is seen sporadically after onboarding the device or after consecutive renegotiations of the TLS connection from the device.

    Workaround:

    Use the following steps to change the security log stream to one of the host IP addresses to receive the security logs.

    1. View the DNS hostname information using show host srx.sdcloud.juniperclouds.net.

      srx.sdcloud.juniperclouds.net has address 10.1.23.1

      srx.sdcloud.juniperclouds.net has address 172.16.45.01

      srx.sdcloud.juniperclouds.net has address 192.168.1.1

    2. Resolve the domain name by configuring the security log stream sd-cloud-logs to one of the IP addresses.

      For example, set security log stream sd-cloud-logs host 10.1.23.1

  • Juniper Security Director Cloud is unable to show the following logs for SRX Series Firewalls running Junos OS version 21.4 R3-S3.4 and later versions.

    • Web filtering logs

    • RT_FLOW logs

    • Content security logs
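
For the port 6514 log stream workaround above, the following added example (not Juniper tooling and not part of the original release notes) parses show host output, builds the set command for the first resolved address, and checks whether a stream host already pinned on a device is still one of the resolved addresses. The function names are hypothetical, and the sample output is the one shown in step 1.

```python
import re

HOSTNAME = "srx.sdcloud.juniperclouds.net"
# Sample output copied from step 1 of the workaround.
SHOW_HOST_SAMPLE = """
srx.sdcloud.juniperclouds.net has address 10.1.23.1
srx.sdcloud.juniperclouds.net has address 172.16.45.01
srx.sdcloud.juniperclouds.net has address 192.168.1.1
"""
HOST_RE = re.compile(r"^\s*(\S+) has address (\S+)\s*$")
STREAM_RE = re.compile(r"^\s*set security log stream (\S+) host (\S+)\s*$")

def normalize_ipv4(text):
    """Return the dotted quad without leading zeros, or None if invalid."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        return None
    return ".".join(str(o) for o in octets)

def resolved_addresses(show_host_output, hostname=HOSTNAME):
    """Collect the unique IPv4 addresses listed for hostname, in order."""
    addrs = []
    for line in show_host_output.splitlines():
        m = HOST_RE.match(line)
        if m and m.group(1) == hostname:
            ip = normalize_ipv4(m.group(2))
            if ip and ip not in addrs:
                addrs.append(ip)
    return addrs

def stream_command(addrs, stream="sd-cloud-logs"):
    """Build the step 2 command for the first resolved address."""
    if not addrs:
        raise ValueError("no addresses resolved; keep the hostname in place")
    return f"set security log stream {stream} host {addrs[0]}"

def pinned_host_is_current(config_line, addrs):
    """True if the host pinned in a set command is still in the DNS answer."""
    m = STREAM_RE.match(config_line)
    return bool(m) and normalize_ipv4(m.group(2)) in addrs

if __name__ == "__main__":
    current = resolved_addresses(SHOW_HOST_SAMPLE)
    print(stream_command(current))
```

Rerunning the check against fresh show host output after the workaround is in place shows when a pinned address has dropped out of the DNS answer and the stream host needs updating.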